Not logged in | Login
Rest Amazon Service
AmazonWS REST security mechanism is a little different than Google's REST security mechanism. Google requires user to do a POST operation first using username/password, and returns a security token to be used for subsequent Http requests. AmazonWS security is different. Amazon pre-issue user a pair of accessKeyId/secretyAccessKey, and for every request, user needs to put in the Http header the "Authorization" header. This header is calculated using this formula:
Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature; Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( StringToSign ) ) ); StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedAmzHeaders + CanonicalizedResource; CanonicalizedResource = [ "/" + Bucket ] + <HTTP-Request-URI, from the protocol name up to the query string> + [ sub-resource, if present. For example "?acl", "?location", "?logging", or "?torrent"]; CanonicalizedAmzHeaders = <described below>
Another requirement is that "Date" header should always be set, and should be in a compliant format such as "EEE, dd MMM yyyy HH:mm:ss ".
The above two items are easy to do in Java, but not easy to do in BPEL, thus in the sample project we are creating, we use a EJB webservice as a helper library for BPEL to accomplish these two tasks.
See Figures below:
Basically, the flow sequence is as follows"
See picture below on how to populate the HTTP headers in BPEL mapper:
To see how the sample project is built, download it from amazonprojects.zip. Note: to run it you have to replace the "secretAccessKey" in the BPEL file with your own secretAccessKey.